<?php
session_start(); //daftarin session id 

include('./config/connection.php');
/* Koneksi database*/
?>

<?php
    echo'<style type="text/css">
      body {
        padding-top: 60px;
        padding-bottom: 40px;
      }
      .sidebar-nav {
        padding: 9px 0;
      }
    </style>
    
    <link href="../assets/css/bootstrap-responsive.css" rel="stylesheet">';
    echo'<link href="./assets/css/bootstrap.css" rel=stylesheet>';
    echo'<script src="./assets/js/jquery.js"></script>';
    echo'<script src="./assets/js/bootstrap-transition.js"></script>';
    echo'<script src="./assets/js/bootstrap-alert.js"></script>';
    echo'<script src="./assets/js/bootstrap-modal.js"></script>';
    echo'<script src="./assets/js/bootstrap-dropdown.js"></script>
    <script src="./assets/js/bootstrap-scrollspy.js"></script>
    <script src="./assets/js/bootstrap-tab.js"></script>
    <script src="./assets/js/bootstrap-tooltip.js"></script>
    <script src="./assets/js/bootstrap-popover.js"></script>
    <script src="./assets/js/bootstrap-button.js"></script>
    <script src="./assets/js/bootstrap-collapse.js"></script>
    <script src="./assets/js/bootstrap-carousel.js"></script>
    <script src="./assets/js/bootstrap-typeahead.js"></script>    
';
?>
<?php
/* Ambil variabel */
function anti_injection($data){
	$f  = stripslashes(strip_tags(htmlspecialchars($data,ENT_QUOTES)));
	return $f;
}

$username = anti_injection($_REQUEST['username']);
$password = anti_injection($_REQUEST['password']);

$password = encrypt_password($password);
//echo $password; exit;

/* Validasi */
$login=false;
if(empty($username) || empty($password))
{
	echo'<div class="alert">
			<button class="close" data-dismiss="alert">×</button>
				<strong><center>Warning!</strong> Username dan Password harus diisi.</center>
		 </div>';
}
else
{
	$sql = 'select * from admin where username="'.$username.'"';
	$query = mysql_query($sql);
	$row = mysql_fetch_array($query);
	
	if(mysql_num_rows($query) == 0)
	{
		echo'<div class="alert">
		<button class="close" data-dismiss="alert">×</button>
			<center><strong>Warning!</strong> Username tidak ditemukan.</center>
			</div>';
	}
	else
	{
		//echo $row['password'] . ' dan ' . $password; exit;
		if($row['password'] != $password)
		{ 
			echo'<div class="alert">
                <button class="close" data-dismiss="alert">×</button>
                    <center><strong>Warning!</strong> Password yang Anda masukkan SALAH. Silahkan ulangi lagi.</center>
                    </div>';
 
		}
		else
		{
			/*Daftarkan ke server sbg variabel global*/
			/* session_register() Sebaiknya tdk digunakan (Deprecated Function)
			session_register( 'ID', 'PASS' );
			*/
			$_SESSION['username'] = $username;
			$login = true;
		}
	}
}

if($login)
{
	
	// jika sukses login
	echo '<meta http-equiv="refresh" content="0;URL=home.php">';
}
else
{
	echo '<meta http-equiv="refresh" content="2;URL=index.html">';
}
?>